Welcome! If this is your first visit, be sure to check out the FAQ by clicking the link above. You will have to login before you can post: click the LOGIN link at the top of this page to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Threaded View

migration from RBE to RBPM

Hi all,

...one topic which was probably discussed many times before but I cannot find any article about it...
Old NetIQ IDM is using RBE (Entitlement Service Driver and entitlement policies placed in a driverset). Those policies enable you to define very nice rules for entitlement assignment. E.g. user is member of the group “group01” and the attribute “customAttribute01” is set to “TRUE”, then assign role and get entitlement.
RBPM does not allow something like this. Or I am not aware about it. We can assign roles only to users, to groups or to containers.

Any idea how to achieve similar functionality in RBPM?
My first idea – dynamicGroups. We just need to take memberQueryURL from the policies, define new dynamicGroups with the same filter and allow dynamicGroups in UserApplication. But dynamicGroups are quite tricky and probably, it is not the best idea.